At least 40 fraudulent websites related to fake FIFA World Cup 2026 ticket sales have been exposed by cybersecurity experts. These websites are part of a network involving 15 cybercriminals who engage in sophisticated scams beyond traditional phishing methods. The scammers use cloned FIFA ticketing platforms and advanced techniques like real-time card skimming to steal payment details from unsuspecting victims.
The fake websites closely resemble authentic FIFA ticketing sites, featuring official branding, match schedules, stadium information, and secure checkout messages to deceive users. This elaborate operation acts as a real-time phishing framework that tracks victims’ payment processes, captures card information such as card numbers, expiry dates, and CVV codes, and may intercept one-time passwords (OTPs) to bypass authentication.
Furthermore, the investigation uncovered a larger fraud ecosystem that includes a rogue payment processing network and a multi-tenant infrastructure supporting multiple cybercriminal operators. The backend infrastructure, managed through a Chinese-language interface, hosts at least 15 separate operator instances, indicating a scalable cybercrime setup rather than isolated phishing sites.
Gagan Aggarwal, a Threat Intelligence Researcher at CloudSEK TRIAD, highlighted the alarming trend of cybercriminal groups exploiting major global events like the FIFA World Cup. These groups are now employing advanced tactics such as full checkout impersonation, live victim tracking, card skimming, and OTP interception within a single operational platform.
